Managing External CipherTrust Domains
This section describes how to manage external CipherTrust domains on CCKM.
Before proceeding, make sure to fulfill prerequisites.
Adding CipherTrust Domains
To add a CipherTrust domain to CCKM:
Log on to the CipherTrust Manager GUI as administrator.
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > CipherTrust Domains. The CipherTrust Domains page is displayed.
Click Add Domain. The Add Existing Domain page is displayed.
From the Connection drop-down list, select the desired CM connection to the CipherTrust Manager.
Click Save.
The CipherTrust domain is added to CCKM.
A message CipherTrust Domain added successfully is displayed on the screen.
Refreshing CipherTrust Domains
Refreshing is the process of downloading keys created on the CipherTrust domains to CCKM.
Refreshing All Domains
To refresh all CipherTrust domains:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > Ciphertrust Domains. CipherTrust Domains page is displayed. This page displays the list of CipherTrust Domains.
Click Refresh All. The "This may take a while..." message is displayed.
Note
Refreshing CipherTrust domains is a time intensive operation that could take several hours or days to complete. It will continue running in the background.
Click Refresh All to continue.
A message Refresh started... is displayed on the screen. To cancel the refresh, click Cancel Refresh.
The refreshed domains are listed on the Cloud Keys > CipherTrust > CipherTrust (External) Keys page. Refer to Viewing CipherTrust (External) Keys for details.
Viewing/Editing Details of CipherTrust Domains
The CipherTrust Domains page shows the list of existing CipherTrust domains. Search for domains by Domain Name or Connection.
Viewing CipherTrust Domains Details
To view the details of CipherTrust domains:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > CipherTrust Domains. The CipherTrust Domains page displays the following details.
Column Description Domain Name Name of the CipherTrust domain. Click the link to view more details about the domain. Connection Name of the CipherTrust connection. Creation When the domain was created. Updated When the domain was updated.
|Last Refreshed|When the domain was last refreshed. `Never` is displayed for domains that are never refreshed.|
Click the Customize View () icon, select the desired option, and click OK to display the column.
Modifying CipherTrust Domain Details
To modify the details of a CipherTrust domain:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > CipherTrust Domains. The CipherTrust Domains page displays the list of added CipherTrust domains.
Click the overflow icon () corresponding to the desired CipherTrust domain and click View/Edit Details.
You can change the CM connection and its description, and modify user/group permissions on the CipherTrust domain. For details, refer to:
Changing the CM Connection
To change the CM connection:
Expand GENERAL INFO.
From the Connection drop-down list, select the desired CM connection.
Click Update.
A message Updated connection for this domain is displayed on the screen.
Managing User Permissions on CipherTrust Domains
To work with CipherTrust, users/groups must have the minimum set of permissions that allow them to use the CipherTrust resources such as CipherTrust keys and domains. Initially, the user only has permission to view the keys. However, if required, the CCKM administrator can grant and revoke permissions.
Note
Only the users who are member of the CCKM Users group will be granted permissions to perform operations on the CipherTrust domain.
To add permission for a user/group:
Expand ACCESS CONTROL.
In the ACCESS CONTROL section, click Assign User/Group. The Assign User/Group screen is displayed.
From the User/Group drop-down list, select the user or group to be assigned permissions.
Click Save.
The newly added user/group is displayed under Name in the ACCESS CONTROL section.
CCKM allows the following operations on the CipherTrust domains:
View Keys, Add Key, Delete Key
Refresh Domain
Granting Permission to Perform an Operation
To grant permissions to the user or group to perform any of the above mentioned operations:
Select the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A message Updated access control for this Project is displayed on the screen.
Removing a Permission
To remove a permission assigned to a user or group:
Clear the check box under the desired operation corresponding to the desired users or groups.
Click Update.
A message Updated access control for this Project is displayed on the screen.
Removing Permission from a User/Group
To remove current permissions assigned to the user/group:
Under Unassign, click the X button corresponding to the desired user/group. The Remove User / Remove Group screen is displayed.
Note
Removing this user/group will remove all permissions currently assigned to the user/group. Are you sure you want to continue?
Click Remove.
A message Updated access control for this Project is displayed on the screen.
Deleting CipherTrust Domains
To delete a CipherTrust domain:
Open the Cloud Key Manager application.
In the left pane, click KMS Containers > CipherTrust Domains. The CipherTrust Domains page is displayed. The CipherTrust Domains page displays the list of added CipherTrust Domains.
Click the overflow icon () corresponding to the desired CipherTrust Domain and click Delete. The Delete CipherTrust Domain screen is displayed.
Click Domain.
A message CipherTrust Domain deleted successfully is displayed on the screen.